Via What Surveillance Intercepts Is the Government Chasing Manafort’s Ghost-Writing?

In this post on The Bail Fight that Manafort and Gates Can’t Win, I suggested,

I feel like Mueller’s prosecutors are playing with these two men as cats play with balls, just patiently batting them around, waiting for the inevitable admission that they can’t make bail because they don’t have assets they can put up because everything they own has been laundered. At which point, after getting the judge to rule over and over that they’re flight risks, I suppose the government will move to throw them in the pokey, which will finally get them to consider flipping.

Mueller’s team is still engaging in this play.

The day after Manafort finally submitted his bid for bail on November 30, the government said it couldn’t respond right away because “information … has come to the government’s attention … which the government is still examining.”

The government seeks the Court’s leave to have until Monday, December 4, 2017, to file its submission, in light of information that has come to the government’s attention only after defendant’s Motion was filed, which the government is still examining. Undersigned counsel has been unable to obtain defendant Manafort’s position on this motion by the time of this filing, despite efforts to do so. 1

1 Counsel for the government has been in contact with counsel for defendant Manafort about the newly-acquired information described above.

That information, as was widely reported yesterday, is that Manafort was drafting an op-ed with someone deemed to have ties to Russian intelligence.

As late as November 30, 2017, Manafort and a colleague were ghostwriting an editorial in English regarding his political work for Ukraine. Manafort worked on the draft with a long-time Russian colleague of Manafort’s, who is currently based in Russia and assessed to have ties to a Russian intelligence service.

The government argued that the effort to ghost write a defensive op-ed violated the Court’s prohibition on trying the case in the press. It also made it clear that the op-ed was not “entirely accurate, fair, and balanced.” Having thus violated one of the Court’s rules, the government argued, Manafort would need to put up more as bail.

Because Manafort has now taken actions that reflect an intention to violate or circumvent the Court’s existing Orders, at a time one would expect particularly scrupulous adherence, the government submits that the proposed bail package is insufficient reasonably to assure his appearance as required.

The government was already going to ask that the Court “make the bond forfeitable upon a breach of any condition of the defendant’s release, not just his failure to appear (a provision that is on the Court’s standard form but is not checked off in the submission made by the defense),” something that, it seemed, Manafort was already trying to pull a fast one to avoid.

In other words, there’s a good chance that the next time Manafort violates the Court’s conditions, he’ll lose a house.

But that’s not the part I’m most amused about here. It’s the way in which the government revealed it knew about the op-ed: first with the call to his counsel, then the notice it was rethinking the adequacy of his bail proposal, then this description in the court filing (which predictably instantly lit up cable news).

As a surveillance wonk, this is the question I most want answered: how did the government find out about this op-ed, and what thought process went into revealing that it had found out? After all, if it was to be ghost-written, Manafort intended to hide that he had written it. But he has to know he’s wired up with surveillance like a Christmas tree. So via what means was Manafort collaborating with his Russian intelligence friend?

Effectively, on top of tattling to the judge that Manafort was breaking her rules, demanding Manafort risk a home or two next time he pulls this kind of stunt, and asking him to find more liquid assets if he wants off of house arrest, the government is also telling Manafort that whatever communication method he believed to be hidden from government view actually is not.

Which means he now knows that any other communications he’s been having with this Russian intelligence person also aren’t hidden from view.

Update: Yanukovych’s flack Oleg Voloshyn has IDed himself as the named author of the op-ed, but he says Manafort only provided a bit of input. Voloshyn said he passed the op-ed to Manafort through Konstantin Kilimnik, the same guy Manafort was reporting back to during the campaign.

Voloshyn said that he sent his unpublished editorial last week to Konstantin Kilimnik, a longtime associate of Manafort in Ukraine, who then forwarded it on to Manafort.

The Unmasking Panic and the Flynn Plea

Yesterday, Eli Lake was the first person to confirm the identity of the “very senior” official who “directed FLYNN to contact officials from foreign governments, including Russia, to learn where each government stood on the resolution” condemning Israel’s illegal settlements.

At the time, the U.N. Security Council resolution on Israeli settlements was a big deal. Even though the Obama administration had less than a month left in office, the president instructed his ambassador to the United Nations to abstain from a resolution, breaking a precedent that went back to 1980 when it came to one-sided anti-Israel resolutions at the U.N.

This was the context of Kushner’s instruction to Flynn last December. One transition official at the time said Kushner called Flynn to tell him he needed to get every foreign minister or ambassador from a country on the U.N. Security Council to delay or vote against the resolution. Much of this appeared to be coordinated also with Israeli prime minister Benjamin Netanyahu, whose envoys shared their own intelligence about the Obama administration’s lobbying efforts to get member states to support the resolution with the Trump transition team.

Lake was also the reporter who got the earliest “scoops” on the unmasking panic earlier this year.

There’s a reason for that. They’re the same story.

In April, I laid out how Devin Nunes was at the center of both the January unmasking panic and the panic on behalf of a bunch of Republicans, during the Iran deal negotiations, who got their collusion with Bibi Netanyahu to kill the deal sucked up.

Throughout his ongoing information operation to claim the Obama White House spied on the Trump transition team, Devin Nunes has pointed to what he claimed was a precedent: when, in December 2015, members of Congress suddenly copped on that their conversations with Bibi Netanyahu would get picked up incidentally. In his March 22 press conference, he explained,

We went through this about a year and a half ago as it related to members of Congress, if you may remember there was a report I think it was in the Wall Street Journal and but then we had to have we had a whole series of hearings and then we had to have changes made to how Congress is informed if members of Congress are picked up in surveillance and this looks it’s like very similar to that.

Eli Lake dutifully repeated it in the second of his three-post series pitching Nunes’ information operation.

A precedent to what may have happened with the Trump transition involved the monitoring of Israel’s prime minister and other senior Israeli officials. The Wall Street Journal reported at the end of 2015 that members of Congress and American Jewish groups were caught up in this surveillance and that the reports were sent to the White House. This occurred during a bitter political fight over the Iran nuclear deal. In essence the Obama White House was learning about the strategy of its domestic political opposition through legal wiretaps of a foreign head of state and his aides.

But Lake apparently didn’t think through the implications of Nunes’ analogy — or the differences between the two cases.

Here’s the WSJ report and CBS and WaPo versions that aren’t paywalled. All make it very clear that Devin Nunes took the lead in worrying about his conversations with Bibi Netanyahu being sucked up (I don’t remember Republicans being as sympathetic when Jane Harman got sucked up in a conversation with AIPAC).

It’s clear now that it’s all one panic.

The most public confirmed unmasking involved Susan Rice discovering that Sheikh Mohammed bin Zayed al-Nahyan had a secret meeting with Flynn, Kushner, and Bannon in NY.

Former national security adviser Susan Rice privately told House investigators that she unmasked the identities of senior Trump officials to understand why the crown prince of the United Arab Emirates was in New York late last year, multiple sources told CNN.

The New York meeting preceded a separate effort by the UAE to facilitate a back-channel communication between Russia and the incoming Trump White House.

The crown prince, Sheikh Mohammed bin Zayed al-Nahyan, arrived in New York last December in the transition period before Trump was sworn into office for a meeting with several top Trump officials, including Michael Flynn, the president’s son-in-law, Jared Kushner, and his top strategist Steve Bannon, sources said.

But we now know that there would be intercepts between Netanyahu and Kushner leading up to it.

I wouldn’t even be surprised if the Republicans are so certain they’ve been unmasked because Israel has their own way of discovering such things.

I’ve laid out how Jared Kushner’s “peace” “plan” really is just an attempt to remap the Middle East to the interests of Israel and Saudi Arabia, interests which require significantly more belligerence against Iran than Obama showed. The unmasked discussions would include the ones that preceded Kushner’s order to Flynn to try to undercut the resolution, as well as whatever else Kushner discussed with Netanyahu at the time.

Next Stop: Jared

This morning at 8, I was on Democracy Now talking about how the then-reported and now-completed Flynn plea agreement would focus attention directly on Jared.

Since then, Mike Flynn indeed pled guilty to one charge of false statements to the FBI about various conversations with Sergei Kislyak, promising he’d fully cooperate with Mueller’s inquiry. Reports describe that Flynn spoke with an unnamed senior advisor who was at Mar-a-Lago at the time about his December 29 conversations with Kislyak, which pertained to Russian sanctions. They also say Flynn will testify against Trump and members, plural, of his family, particularly regarding the orders he had to reach out to Russia.

The other lie charged about conversations with Kislyak involves a request that Russia try to delay or shut down a vote on condemning Israel’s illegal settlements.

That’s a key lie, because we know who was pushing that: Jared Kushner (though the court filing suggests it might be someone even more senior).

Robert Mueller’s investigators are asking questions about Jared Kushner’s interactions with foreign leaders during the presidential transition, including his involvement in a dispute at the United Nations in December, in a sign of the expansive nature of the special counsel’s probe of Russia’s alleged meddling in the election, according to people familiar with the matter.

The investigators have asked witnesses questions about the involvement of Mr. Kushner, President Donald Trump’s son-in-law and a senior White House adviser, in a controversy over a U.N. resolution passed Dec. 23, before Mr. Trump took office, that condemned Israel’s construction of settlements in disputed territories, these people said.

Israeli officials had asked the incoming Trump administration to intervene to help block it. Mr. Trump posted a Facebook message the day before the U.N. vote—after he had been elected but before he had assumed office—saying the resolution put the Israelis in a difficult position and should be vetoed.

[snip]

Israeli officials said at the time that they began reaching out to senior leaders in Mr. Trump’s transition team. Among those involved were Mr. Kushner and political strategist Stephen Bannon, according to people briefed on the exchanges.

So that second lie — and almost certainly the first — involves Kushner directing Flynn.

I noted yesterday CNN’s report that in the last few weeks — so during the window when Mueller was in close discussions about Flynn flipping — Mueller’s team interviewed Kushner asking if he had any exonerating information on Flynn.

Mueller’s team specifically asked Kushner about former national security advisor Michael Flynn, who is under investigation by the special counsel, two sources said. Flynn was the dominant topic of the conversation, one of the sources said.

[snip]

The conversation lasted less than 90 minutes, one person familiar with the meeting said, adding that Mueller’s team asked Kushner to clear up some questions he was asked by lawmakers and details that emerged through media reports. One source said the nature of this conversation was principally to make sure Kushner doesn’t have information that exonerates Flynn.

The meeting took place around the same time the special counsel asked witnesses about Kushner’s role in the firing of former FBI Director James Comey and his relationship with Flynn, these people said.

Mueller was, effectively, locking in Kushner’s testimony before Flynn flipped. As I said this morning, speaking of that meeting,

The Kushner meeting was reported as kind of one of the last things that Mueller had to put into place before this plea agreement that people have been talking about with Mike Flynn. And that suggests that there is more news about to drop regarding Mike Flynn that I think is going to really dramatically change how Republicans take the Russian investigation.

Flynn had been avoiding discussing plea agreements for months and months and months, and then really in the last two weeks, all of a sudden it seems like it’s about to happen. Mueller has more leverage over Flynn in the last couple of weeks. It may be Turkey, because a key witness in New York has turned state’s evidence and apparently has information on Flynn. I think there’s some other information.

And so, Flynn, we expect, is moving towards a plea agreement. We expect, or I expect, that’s going to add a lot more pressure on Trump. And I have been saying for months that the way to get to Kushner is through Flynn. Because a lot of the events in which Flynn was involved, such as meeting with Sergei Kislyak in December, they connect very closely with activities that Kushner is known to be involved with.

Kushner may now be hoping he’ll be in a he-said he-said with Flynn, except it’s unlikely Mueller would give Flynn this easy plea without a whole lot more to know that Flynn would be telling the truth. Remember, Kushner is one of the few people aside from Flynn himself who has a very appropriate lawyer for this kind of issue.

Throwing H2O on the Pompeo to State Move

I could be totally wrong, but I don’t think the reported plan for Rex Tillerson to step down, to be replaced by Mike Pompeo, who in turn will be replaced by Tom Cotton (or maybe Admiral Robert Harward because Republicans can’t afford to defend an Arkansas Senate seat), will really happen.

The White House has developed a plan to force out Secretary of State Rex W. Tillerson, whose relationship with President Trump has been strained, and replace him with Mike Pompeo, the C.I.A. director, perhaps within the next several weeks, senior administration officials said on Thursday.

Mr. Pompeo would be replaced at the C.I.A. by Senator Tom Cotton, a Republican from Arkansas who has been a key ally of the president on national security matters, according to the White House plan. Mr. Cotton has signaled that he would accept the job if offered, said the officials, who insisted on anonymity to discuss sensitive deliberations before decisions are announced.

I say that for two reasons.

First, because of all the evidence that Mike Flynn is working on a plea deal. Particularly given that Mueller has decided he doesn’t need any more evidence of Flynn’s corrupt dealings with Turkey, I suspect his leverage over Flynn has gone well beyond just those crimes (which, in turn, is why I suspect Flynn has decided to flip).

I think that when the plea deal against Flynn is rolled out, it will be associated with some fairly alarming allegations against him and others, allegations that will dramatically change how willing Republicans are to run interference for Trump in Congress.

If I’m right about that, it will make it almost impossible for Pompeo to be confirmed as Secretary of State. Already, Senate Foreign Relations Committee Chair Bob Corker, who’d oversee the confirmation, is sending signals he’s not interested in seeing Pompeo replace Tillerson.

“I could barely pick Pompeo out of a lineup” Sen. Bob Corker (R-Tenn.), chairman of the Senate Foreign Relations Committee, said Thursday morning.

Already, Pompeo’s cheerleading of Wikileaks during the election should have been disqualifying for the position of CIA Director. That’s even more true now that Pompeo himself has deemed them a non-state hostile intelligence service.

Add in the fact that Pompeo met with Bill Binney to hear the skeptics’ version of the DNC hack, and the fact that Pompeo falsely suggested that the Intelligence Community had determined Russia hadn’t affected the election. Finally, add in the evidence that Pompeo has helped Trump obstruct the investigation and his role spying on CIA’s own investigation into it, and there’s just far too much smoke tying Pompeo to the Russian operation.

All that will become toxic once Mike Flynn’s plea deal is rolled out, I believe.

So between Corker and Marco Rubio, who both treat Russia’s hack of the election with real seriousness (remember, too, that Rubio himself was targeted), I don’t see how Pompeo could get out of the committee.

But there’s another reason I don’t think this will happen. I suspect it — like earlier threats to replace Jeff Sessions — is just an attempt to get Tillerson to hew to the Administration line on policy. The NYT cites Tillerson’s difference of opinion on both North Korea and Iran.

Mr. Trump and Mr. Tillerson have been at odds over a host of major issues, including the Iran nuclear deal, the confrontation with North Korea and a clash between Arab allies. The secretary was reported to have privately called Mr. Trump a “moron” and the president publicly criticized Mr. Tillerson for “wasting his time” with a diplomatic outreach to North Korea

It’s Iran that’s the big issue, particularly as Jared frantically tries to finish his “peace” “plan” before he gets arrested himself. The fact that Trump has floated Cotton as Pompeo’s replacement is strong support for the notion that this is about forcing Tillerson to accept the Administration lies about Iran and the nuclear deal: because Cotton, more than anyone else, has been willing to lie to oppose the deal.

Trump is basically saying that unless Tillerson will adopt the lies the Administration needs to start a war with Iran, then he will be ousted.

But Tillerson’s claim that he doesn’t need to replace all the people who’ve left State because he thinks a lot of domestic issues will be solved soon seems to reflect that he’s parroting the Administration line now.

Obviously, there’s no telling what will happen, because Trump is completely unpredictable.

But he also likes to use threats to get people to comply.

Update: CNN now reporting I’m correct.

On the Jared and Flynn Stories

Amid reports that Mike Flynn is flipping like a pancake, CNN reported (in addition to a report that Mueller’s team canceled a grand jury appearance for former Flynn business associates) that Jared Kushner was asked a bunch of questions about Flynn in an interview earlier this month.

Before reading the details CNN provides, however, consider this line in the story:

It’s not clear that this is the only time that Kushner will meet with the special counsel’s team.

That is, the subtext here is that, even as Mueller’s team preps a plea deal with Flynn, Kushner is well aware that he remains a key target in conjunction with Flynn events, and may get hauled back before Mueller’s team for all the other stuff. Effectively, they were locking in Kushner’s testimony — including, presumably, about what kind of permission/instructions Flynn had from Kushner and his pop-in-law to engage in the corrupt foreign deals he was pushing — before flipping Flynn.

So here’s how CNN describes the Flynn questions:

Mueller’s team specifically asked Kushner about former national security advisor Michael Flynn, who is under investigation by the special counsel, two sources said. Flynn was the dominant topic of the conversation, one of the sources said.

[snip]

The conversation lasted less than 90 minutes, one person familiar with the meeting said, adding that Mueller’s team asked Kushner to clear up some questions he was asked by lawmakers and details that emerged through media reports. One source said the nature of this conversation was principally to make sure Kushner doesn’t have information that exonerates Flynn.

The meeting took place around the same time the special counsel asked witnesses about Kushner’s role in the firing of former FBI Director James Comey and his relationship with Flynn, these people said.

That means, as we speak, Flynn is providing his side of this story, and explaining why Jared was so intent on firing Mueller because Mueller was actively investigating Flynn.

As I’ve long said, you get to Jared through Flynn. It seems like Jared’s team is now hoping he gets a second chance at testimony before he gets busted himself.

The Russian Metadata in the Shadow Brokers Dump

When I first noted, back in April, that there was metadata in one of the Shadow Brokers dumps, I suggested two possible motives for the doxing of several NSA hackers. First (assuming Russia had a role in the operation), to retaliate against US indictments of Russian hackers, including several believed to be tied to the DNC hack.

A number of the few people who’ve noted this doxing publicly have suggested that it clearly supports the notion that a nation-state — most likely Russia — is behind the Shadow Brokers leak. As such, the release of previously unannounced documents to carry out this doxing would be seen as retaliation for the US’ naming of Russia’s hackers, both in December’s election hacking related sanctions and more recently in the Yahoo indictment, to say nothing of America’s renewed effort to arrest Russian hackers worldwide while they vacation outside of Russia.

But leaving the metadata in the documents might also make the investigation more difficult.

[F]our days before Shadow Brokers started doxing NSA hackers, Shadow Brokers made threats against those who’ve commented on the released Shadow Brokers files specifically within the context of counterintelligence investigations, even while bragging about having gone unexposed thus far even while remaining in the United States.

Whatever else this doxing may do, it will also make the investigation into how internal NSA files have come to be plastered all over the Internet more difficult, because Shadow Brokers is now threatening to expose members of TAO.

With that in mind, I want to look at a Brian Krebs piece that makes several uncharacteristic errors to get around to suggesting a Russian-American might have been the guy who leaked the files in question.

He sets out to read the metadata I noted (but did not analyze in detail, because why make the dox worse?) in April to identify who the engineer was that had NSA files discovered because he was running Kaspersky on his home machine.

In August 2016, a mysterious entity calling itself “The Shadow Brokers” began releasing the first of several troves of classified documents and hacking tools purportedly stolen from “The Equation Group,” a highly advanced threat actor that is suspected of having ties to the U.S. National Security Agency. According to media reports, at least some of the information was stolen from the computer of an unidentified software developer and NSA contractor who was arrested in 2015 after taking the hacking tools home. In this post, we’ll examine clues left behind in the leaked Equation Group documents that may point to the identity of the mysterious software developer.

He links to the WSJ and cites, but doesn’t link, this NYT story on the Kaspersky related breach.

Although Kaspersky was the first to report on the existence of the Equation Group, it also has been implicated in the group’s compromise. Earlier this year, both The New York Times and The Wall Street Journal cited unnamed U.S. intelligence officials saying Russian hackers were able to obtain the advanced Equation Group hacking tools after identifying the files through a contractor’s use of Kaspersky Antivirus on his personal computer. For its part, Kaspersky has denied any involvement in the theft.

Then he turns to NYT’s magnum opus on Shadow Brokers to substantiate the claim the government has investigations into three NSA personnel, two of whom were related to TAO.

The Times reports that the NSA has active investigations into at least three former employees or contractors, including two who had worked for a specialized hacking division of NSA known as Tailored Access Operations, or TAO.

[snip]

The third person under investigation, The Times writes, is “a still publicly unidentified software developer secretly arrested after taking hacking tools home in 2015, only to have Russian hackers lift them from his home computer.”

He then turns to the Shadow Brokers’ released metadata to — he claims — identify the two “unnamed” NSA employees and the contractor referenced in The Times’ reporting.

So who are those two unnamed NSA employees and the contractor referenced in The Times’ reporting?

From there, he points to a guy whom few of the reports analyzing the people identified in the metadata had discussed: a Russian! Krebs decides that because this guy is Russian he’s likely to run Kaspersky and so he must be the guy who lost these files.

The two NSA employees are something of a known commodity, but the third individual — Mr. Sidelnikov — is more mysterious. Sidelnikov did not respond to repeated requests for comment. Independent Software also did not return calls and emails seeking comment.

Sidelnikov’s LinkedIn page (PDF) says he began working for Independent Software in 2015, and that he speaks both English and Russian. In 1982, Sidelnikov earned his masters in information security from Kishinev University, a school located in Moldova — an Eastern European country that at the time was part of the Soviet Union.

Sidelnikov says he also earned a Bachelor of Science degree in “mathematical cybernetics” from the same university in 1981. Under “interests,” Mr. Sidelnikov lists on his LinkedIn profile Independent Software, Microsoft, and The National Security Agency.

Both The Times and The Journal have reported that the contractor suspected of leaking the classified documents was running Kaspersky Antivirus on his computer. It stands to reason that as a Russian native, Mr. Sidelnikov might be predisposed to using a Russian antivirus product.

Krebs further suggests Sidelnikov must be the culprit for losing his files in the Kaspersky incident because the guy who first pointed him to this metadata, a pentester named Mike Poor, said a database expert like Sidelnikov shouldn’t have access to operational files.

“He’s the only one in there that is not Agency/TAO, and I think that poses important questions,” Poor said. “Such as why did a DB programmer for a software company have access to operational classified documents? If he is or isn’t a source or a tie to Shadow Brokers, it at least begets the question of why he accessed classified operational documents.”

There are numerous problems with Krebs’ analysis — which I pointed out this morning but which he blew off with a really snotty tweet.

First, the NYT story he cites but doesn’t link to notes specifically that the Kaspersky related breach is unrelated to the Shadow Brokers leak, something that I also pointed out was logically obvious given how long the NSA claimed Hal Martin was behind the Shadow Brokers leak after the government was known to be investigating the Kaspersky related guy.

It does not appear to be related to a devastating leak of N.S.A. hacking tools last year to a group, still unidentified, calling itself the Shadow Brokers, which has placed many of them online.

Krebs also misreads the magnum opus NYT story. The very paragraph he quotes from reads like this:

The agency has active investigations into at least three former N.S.A. employees or contractors. Two had worked for T.A.O.: a still publicly unidentified software developer secretly arrested after taking hacking tools home in 2015, only to have Russian hackers lift them from his home computer; and Harold T. Martin III, a contractor arrested last year when F.B.I. agents found his home, garden shed and car stuffed with sensitive agency documents and storage devices he had taken over many years when a work-at-home habit got out of control, his lawyers say. The third is Reality Winner, a young N.S.A. linguist arrested in June, who is charged with leaking to the news site The Intercept a single classified report on a Russian breach of an American election systems vendor.

That is, there aren’t “two unnamed NSA employees and [a] contractor referenced in The Times’ reporting.” The paragraph he refers to names two of the targets: Hal Martin (the other TAO employee) and Reality Winner. Which leaves just the Kaspersky related guy.

Krebs seemed unaware of the WaPo versions of the story, which include this one where Ellen Nakashima (who was the first to identify this guy last year) described the engineer as a Vietnamese born US citizen. Not a Russian-American, a Vietnamese-American.

Mystery solved, Scoob! All without even looking at the Shadow Brokers’ metadata. There’s one more part of the Krebs story which is weird: he takes the non-response from Sidelnikov, the same non-response he got from the known NSA guys doxed by Shadow Brokers, as somehow indicative of anything, even though if Sidelnikov had been “arrested,” as Krebs’ headline mistakenly suggests, you’d think his phone might not be working at all.

There’s more I won’t say publicly about Krebs’ project, what he really seems to be up to.

But the reason I went through the trouble of pointing out the errors is precisely because Krebs went so far out of his way to find a Russian to blame for … something.

We’ve been seeing Russian metadata in documents for 17 months. Every time such Russian metadata is found, everyone says, Aha! Russians! That, in spite of the fact that the Iron Felix metadata was obviously placed there intentionally, and further analysis showed that some of the other Russian metadata was put there intentionally, too.

At some point, we might begin to wonder why we’re finding so much metadata screaming “Russia”?

Update: After the Vietnamese-American’s guilty plea got announced, Krebs unpublished his doxing post.

A note to readers: This author published a story earlier in the week that examined information in the metadata of Microsoft Office documents stolen from the NSA by The Shadow Brokers and leaked online. That story identified several individuals whose names were in the metadata from those documents. After the guilty plea entered this week and described above, KrebsOnSecurity has unpublished that earlier story.

The Seychelles Meeting Inches Kushner Closer to Quid Pro Quo with Sanctioned Russian Money

The Intercept has an article that has gotten surprisingly little attention, particularly given the reports that Mike Flynn is prepping to flip on Trump and that the House Intelligence Committee will have Erik Prince testify in its investigation.

It reveals that the previously unidentified Russian whom Erik Prince met in the Seychelles in January is the CEO of the Russian Direct Investment Fund.

The identity of the Russian individual was not disclosed, but on January 11, a Turkish-owned Bombardier Global 5000 charter plane flew Kirill Dmitriev, CEO of the Russian Direct Investment Fund, to the Seychelles, flight records obtained by The Intercept show. Dmitriev’s plane was an unscheduled charter flight and flew to the island with two other Russian individuals, both women. The RDIF is a $10 billion sovereign wealth fund created by the Russian government in 2011.

[snip]

Although Prince repeatedly stated he couldn’t remember the Russian’s name — “We didn’t exchange cards” — a spokesperson for Frontier Services Group confirmed to The Intercept in September that Prince “crossed paths” with Dmitriev in the Seychelles.

The article goes on to note that the RDIF separated from its parent company Vnesheconombank in 2016 to evade sanctions.

While it is legal to do business with RDIF in certain circumstances, there are several nuanced restrictions that if ignored or overlooked can easily lead to a violation. The resulting uncertainty has created opportunities for companies and individuals to find loopholes to bypass sanctions.

Analysts say RDIF attempted to do this in 2016 when the fund distanced itself from its parent company, the Russian bank Vnesheconombank, or VEB, which is also subject to U.S. sanctions. Legislation signed by Putin in June 2016 enabled RDIF to transfer its management company, known as the RDIF Management Company LLC, to the Russian Federal Agency for State Property Management.

Sadly, the Intercept article doesn’t lay out the timeline this creates:

Early December: Flynn and Kushner meet with Sergei Kislyak

Later December: At the behest of Kislyak, Kushner meets with Vnesheconombank’s Sergey Gorkov

December: Mohammed bin Zayed holds undisclosed meeting in NY with Kushner and Steve Bannon

December 29: Flynn tells Kislyak Trump will ease sanctions

January 11: At behest of Mohammed bin Zayed, Erik Prince meets with Dmitriev

January 17: Anthony Scaramucci meets with RDIF in Davos

How Did Christopher Steele Collect Information after Sources (Allegedly) Dried Up?

Sorry to those who think I’m overly focused on the Christopher Steele dossier, but I’m reading Luke Harding’s book on the Russian investigation, which uses the dossier as a centerpiece. I may do a longer post about what his overall narrative does, but for now there’s a weird paragraph that conveniently is in this long excerpt I want to focus on.

After introducing the first report of the dossier (the one that features the pee tape and dated, non-email kompromat), Harding writes,

The memo was sensational. There would be others, 16 in all, sent to Fusion between June and early November 2016. At first, obtaining intelligence from Moscow went well. For around six months – during the first half of the year – Steele was able to make inquiries in Russia with relative ease. It got harder from late July, as Trump’s ties to Russia came under scrutiny. Finally, the lights went out. Amid a Kremlin cover-up, the sources went silent and information channels shut down.

There are several details that conflict with known facts and/or claimed (in some cases, sworn) ones.

First, Harding suggests there were 16 reports in all. I’m not sure whether he’s suggesting the final total of reports written between June and early November was 16 or whether he’s suggesting there were 16 additional reports in all, for a total of 17. Either way the number works out (there were 17 total reports, one of which was written after November). But that makes the November reference weird. There was no report written in early November. The last known report before the election was dated October 20, and then there wasn’t another one until that December 13 one.

  • 080: June 20, 2016
  • 086: July 26, 2015 (citing events in 2016)
  • 095: not dated
  • 94: July 19, 2016
  • 097: July 30, 2016
  • 100: August 5, 2016
  • 101: August 10, 2016
  • 102: August 10, 2016
  • 136: October 20, 2016
  • 105: August 22, 2016
  • 111: September 14, 2016
  • 112: September 14, 2016
  • 113: September 14, 2016
  • 130: October 12, 2016
  • 134: October 18, 2016
  • 135: October 19, 2016
  • 166: December 13, 2016

In any case, Harding gets the December date sort of correct later in the passage. Except he describes Glenn Simpson giving John McCain the report, dated December 13, before McCain called Jim Comey about it on December 8.

Less than 24 hours later, Kramer returned to Washington. Glenn Simpson then shared a copy of the dossier confidentially with McCain, along with a final Steele memo on the Russian hacking operation, written in December.

McCain believed it was impossible to verify Steele’s claims without a proper investigation. He made a call and arranged a meeting with Comey. Their encounter on 8 December 2016 lasted five minutes. Not much was said. McCain gave Comey the dossier.

I explain the significance of these December dates in this post.

Things are even weirder with the third sentence in this passage.

For around six months – during the first half of the year – Steele was able to make inquiries in Russia with relative ease.

According to the public narrative, Steele wasn’t working for Fusion until the Democrats asked for a Russian focus in June. And the first of his released reports relies on reporting from June. But Harding here suggests Steele was working on it for the six months before that! I pointed to circumstantial evidence that Fusion paid Steele on March 22, April 6, and May 25, in payments they don’t associate with Perkins Coie, in addition to the payments that were probably to him on July 13, August 2, September 1, October 5, and November 1.

Now check out the following sentences. Starting in “late July … the lights went out and … the sources went silent and information channels shut down.”

As the timeline above makes clear, the numbering in the dossier gets funky almost immediately, but the most likely reading suggests after that first, June 20 report, there are 4 reports from late July, and the remaining 12 reports all postdate late July. Report 100, the first post-July one, is sourced to “early August 2016” (and dated August 5).

Now, maybe the paragraph is just totally screwy. But if there’s any basis in fact to it, it suggests the public timeline is wrong (something which may be backed by the payments). More importantly, it suggests Steele’s extensive (albeit very indirect) network of sources stopped providing intelligence not long after he allegedly started his inquiry.

Did the Steele Dossier Lead the Democrats To Be Complacent after They Got Hacked?

I get asked, a lot, why I obsess over the Steele dossier. A lot of people believe that even if the dossier doesn’t pan out, it doesn’t matter because Mueller’s investigation doesn’t depend on it. I’d be more sympathetic to that view if people like Adam Schiff and John Podesta didn’t keep invoking the dossier in ways that make their legitimate concerns easy to discredit.

But I now believe the dossier may have done affirmative damage.

Consider the timeline.

Perkins Coie lawyer Marc Elias reportedly engaged Fusion for opposition research in April (their first payment was May 24).

April 26, Joseph Mifsud told George Papadopoulos that Russians said they had “dirt” on Hillary Clinton, in the form of emails.

April 29, the DNC discovered they had been hacked. Perkins Coie partner Michael Sussmann had a key role in their response.

“Not sure it is related to what the F.B.I. has been noticing,” said one internal D.N.C. email sent on April 29. “The D.N.C. may have been hacked in a serious way this week, with password theft, etc.”

No one knew just how bad the breach was — but it was clear that a lot more than a single filing cabinet worth of materials might have been taken. A secret committee was immediately created, including Ms. Dacey, Ms. Wasserman Schultz, Mr. Brown and Michael Sussmann, a former cybercrimes prosecutor at the Department of Justice who now works at Perkins Coie, the Washington law firm that handles D.N.C. political matters.

“Three most important questions,” Mr. Sussmann wrote to his clients the night the break-in was confirmed. “1) What data was accessed? 2) How was it done? 3) How do we stop it?”

Sometime in May, Robert Johnston (who then worked at Crowdstrike) briefed the DNC on the hack. He told them how much data had been stolen, but he told them intelligence hackers generally don’t do anything with the stolen data.

When he briefed the DNC in that conference room, Johnston presented a report that basically said, “They’ve balled up data and stolen it.” But the political officials were hardly experienced in the world of intelligence. They were not just horrified but puzzled. “They’re looking at me,” Johnston recalled, “and they’re asking, ‘What are they going to do with the data that was taken?’”

Back then, no one knew. In addition to APT 29, another hacking group had launched malware into the DNC’s system. Called APT 28, it’s also associated with Russian intelligence. Andrei Soldatov, a Russian investigative journalist and security expert, said it’s not crystal clear which Russian spy service is behind each hacker group, but like many other cybersecurity investigators, he agreed that Russian intelligence carried out the attack.

So, Johnston said, “I start thinking back to all of these previous hacks by Russia and other adversaries like China. I think back to the Joint Chiefs hack. What did they do with this data? Nothing. They took the information for espionage purposes. They didn’t leak it to WikiLeaks.”

So, Johnston recalled, that’s what he told the DNC in May 2016: Such thefts have become the norm, and the hackers did not plan on doing anything with what they had purloined.

May 25 was likely the date on which the last emails shared with Wikileaks got exfiltrated.

On June 9, Natalia Veselnitskaya met with Don Jr, Jared Kushner, and Paul Manafort at Trump Tower. Both at a Prevezon court hearing that morning and after the Trump Tower meeting, she reportedly met with Fusion’s Glenn Simpson. Though there’s no sign of Baker Hostetler paying for any services anytime near that meeting. Sometime Fusion associate Rinat Akhmetshin accompanied Veselnitskaya to the meeting; it’s possible he was paid for work in June.

Sometime in “mid-June,” the Perkins Coie lawyer Sussmann and the DNC first met with the FBI about the hack. They asked the FBI to attribute the hack to Russia.

The D.N.C. executives and their lawyer had their first formal meeting with senior F.B.I. officials in mid-June, nine months after the bureau’s first call to the tech-support contractor. Among the early requests at that meeting, according to participants: that the federal government make a quick “attribution” formally blaming actors with ties to Russian government for the attack to make clear that it was not routine hacking but foreign espionage.

“You have a presidential election underway here and you know that the Russians have hacked into the D.N.C.,” Mr. Sussmann said, recalling the message to the F.B.I. “We need to tell the American public that. And soon.”

The FBI would not attribute the hack formally until the following year.

On June 14, the DNC placed a story with the WaPo, spinning the hack to minimize the damage done.

On June 15, Guccifer 2.0 started posting. In his first post, he proved a number of the statements Crowdstrike or Democrats made to the WaPo were wrong, including that:

  • The hackers took just two documents
  • Only Trump-related documents had been stolen
  • Hillary’s campaign had not been hacked
  • The DNC had responded quickly
  • No donor information had been stolen

Now, you’d think this (plus Julian Assange’s claim to have Hillary emails) would alert the Democrats that Johnston’s advice — that the Russians probably wouldn’t do anything with the data they stole — was wrong. Except that (as far as is publicly known) none of the documents Guccifer 2.0 leaked in that first batch were from the DNC.

Around this same time, Perkins Coie lawyer Marc Elias asked Fusion to focus on Trump’s Russian ties, which led to Christopher Steele’s involvement in the already started oppo effort.

On June 20, Perkins Coie would have learned from a Steele report that the dirt Russia had on Hillary consisted of “bugged conversations she had on various visits to Russia and intercepted phone calls rather than any embarrassing conduct.” It would also have learned that “the dossier however had not yet been made available abroad, including to TRUMP or his campaign team.”

On July 19, Perkins Coie would have learned from a Steele report that at a meeting with a Kremlin official named Diyevkin which Carter Page insists didn’t take place, Diyevkin “rais[ed] a dossier of ‘kompromat’ the Kremlin possessed on TRUMP’s Democratic presidential rival, Hillary CLINTON, and its possible release to the Republican’s campaign team.” At that point in time, the reference to kompromat would still be to intercepted messages, not email.

On July 22, Wikileaks released the first trove of DNC emails.

On July 26 — days after Russian-supplied emails were being released to the press — Perkins Coie would receive a Steele report (based on June reporting) that claimed FSB had the lead on hacking in Russia. And the report would claim — counter to a great deal of publicly known evidence — that “there had been only limited success in penetrating the ‘first tier’ foreign targets.” That is, even after the Russian hacked emails got released to the public, Steele would still be providing information to the Democrats suggesting there was no risk of emails getting released because Russians just weren’t that good at hacking.

It appears likely that the Democrats asked Fusion to focus on Russia because they believed they had been badly hacked by Russia.

Everything they learned (and would have learned, if the June reporting on cybersecurity had been produced in timely fashion) between the time they were hacked and when Wikileaks would start releasing massive amounts of emails would have told the Democrats that the Russians hadn’t really succeeded with their hacking, and any kompromat they had on Hillary was not emails, but instead dated intercepts. The Steele dossier would have led them to be complacent, rather than prepping for the onslaught of the emails.

We don’t know how Steele’s intelligence was used within the party. But if they had paid attention to it, it would have done affirmative damage, because it might have led them to continue to rely on Johnston’s opinion that the stolen emails weren’t coming out.

The Dumb Ass Poker Faces in the White House Just Admitted Their Investigation Coincides with Mike Flynn’s

In a big scoop yesterday, NYT reported that Mike Flynn has withdrawn from a joint cooperation agreement with the White House, leading many people to believe that he is moving towards cooperating with Robert Mueller.

Lawyers for Michael T. Flynn, President Trump’s former national security adviser, notified the president’s legal team in recent days that they could no longer discuss the special counsel’s investigation, according to four people involved in the case — an indication that Mr. Flynn is cooperating with prosecutors or negotiating a deal.

Mr. Flynn’s lawyers had been sharing information with Mr. Trump’s lawyers about the investigation by the special counsel, Robert S. Mueller III, who is examining whether anyone around Mr. Trump was involved in Russian efforts to undermine Hillary Clinton’s presidential campaign.

[snip]

[T]he notification led Mr. Trump’s lawyers to believe that Mr. Flynn — who, along with his son, is seen as having significant criminal exposure — has, at the least, begun discussions with Mr. Mueller about cooperating.

[snip]

Mr. Flynn is regarded as loyal to Mr. Trump, but he has in recent weeks expressed serious concerns to friends that prosecutors will bring charges against his son, Michael Flynn Jr., who served as his father’s chief of staff and was a part of several financial deals involving the elder Mr. Flynn that Mr. Mueller is scrutinizing.

The WaPo confirmed NYT’s scoop, adding the detail that Flynn’s lawyer told Trump’s lawyer on Wednesday evening.

The call from Flynn lawyer Robert Kelner to Trump attorney John Dowd came Wednesday evening and is a potentially ominous sign for Trump and his close associates.

Along with all the reports that Mueller was implicating Flynn, Jr in his dad’s corruption, this timing would also closely follow the hints that Reza Zarrab, whose release Flynn reportedly discussed brokering, is now cooperating with prosecutors. It’s unclear how much Zarrab would have learned in jail about efforts to free him, but it’s certainly possible that the knowledge that he is likely cooperating changed Flynn’s calculus as well. And there may be other reasons, still not public, why Flynn reversed his determination to fight prosecution rather than cooperate.

But there’s something really funny about the White House’s confirmation that Flynn pulled out of the joint defense agreement, along with their pathetic claims this doesn’t mean Trump is in trouble.

Jay Sekulow, an attorney for Trump, said, “This is not entirely unexpected.”

“No one should draw the conclusion that this means anything about General Flynn cooperating against the president,” he said, adding, “It’s important to remember that General Flynn received his security clearance under the previous administration.”

Confirming to the press that Flynn pulled out of the joint defense agreement involves confirming that the White House had a joint defense agreement with his lawyers. And that entails confirming that the President is being targeted in matters closely tied to Flynn’s own actions.

Thus far, the crimes Flynn is most publicly being accused of — largely relating to his unreported influence peddling, for both Turkey and Russia — don’t necessarily impact Trump. Given the details that have thus far been made public, those actions could just reflect his own greed, not any overt work with Trump to implement the policies he promised to the Turks he would deliver. Indeed, there’d be little need for Flynn’s lawyers to work with Trump’s if those were the only criminal charges he was facing.

But now several Trump lawyers are on the record saying they viewed themselves as targeted by the same investigation as Flynn is. Which means (unsurprisingly) Trump was probably in the loop on Flynn’s influence peddling. And which also means Flynn’s discussions with Sergei Kislyak about sanctions relief — and his lies about them to the FBI — directly implicate Trump. That’s the stuff that would justify a joint defense agreement, and that’s the stuff the White House just confirmed by confirming the no longer operative joint defense agreement.

In spite of all the claims that Trump isn’t being investigated, Trump’s lawyers have just admitted that they have been treating Flynn’s criminal exposure as related to the President’s own.
